Payment Fraud & Scams against Private Persons & Businesses – Focus on UK
Fraud is probably the most commonly attempted and or experienced crime in the world. Fraud encompasses many activities but at its core involves an attempt to steal, ultimately for financial gain. This includes dishonesty or deception, but under law is frequently a separate offence from theft, with less elements in order to prove and or to convict.
Whilst in many cases a “fraud” can be attempted and successfully carried out against a victim without the victims involvement or active knowledge, “scams” usually involve in some way the victim’s unwitting participation.
As more activities move online or are accessed through digital channels, the availability, speed, cost and ease of use provides significant benefits, but at the same time offers ever increasing opportunities for criminals to benefit, either by obtaining personal credentials to make payments and or acquire goods using victims moneys where they have no knowledge of the activity until after the event, or by tricking the victim through a deception and the victim authorising or involved in a payment they would otherwise not agree to.
In both cases, criminals are involved in acquiring personal information, either to carry out a financial crime directly or by using social engineering techniques to get to know and to ultimately persuade the victim to part with their money through deception. Criminals can also co opt others, for example so call money mules to receive payments and pass on funds through their accounts to attempt to make it harder to track and trace defrauded funds.
The popularity of different types of frauds and scams will vary between countries, often depending upon the economic cycle, the awareness of fraud and scam risks and the controls and response levels by those responsible for in particular the financial and payment systems, but this should also involve retailers and those involved in commerce as well as online platforms and social media and digital technology providers too.
In this paper the focus is on victims as private individuals and or businesses that are targeted by third party criminals through fraud and or scams and not on other main areas of fraud, for example fraud against government programmes, such as heath or welfare and social security or tax fraud or for fraud against insurance companies with respect to fraudulent claims or against companies from insider threats which may well be significantly higher in terms of financial losses incurred, but are not the main focus of this paper.
For more details on Fraud in the UK and the Response to Fraud in the UK over 5 decades and a detailed chronology see: HERE
2. Executive Summary: 10 Key Insights:
3. Relevant Factors:
A number of factors have driven the increase in fraud and scams, though the rate of growth appears to be plateauing as increased awareness of fraud and scams, anti fraud and scam responses are deployed. These underlying factors that increase the opportunity for fraud and scams include:
- the numbers of citizens carrying financial transactions online and or via digital means
- the amount of non cash transactions, for example online and other digital like mobile transactions
- the numbers of financial relationships each citizen has, and the related amount of financial and personal information shared with financial services providers and other related parties
- the numbers of social media accounts and data exchanged including personal information
- the numbers of digital devices registered to and used by citizens.
4. Fraud Estimates for the UK :
Estimates for overall fraud vary. A widely accepted estimate of fraud loss was published by the UK’s Association of Chief Police Officers in 2006 estimating a minimum figure for the direct costs of fraud was almost £13 billion.
The UK’s National Fraud Authority published 3 estimates during its 4 year existence for years 2010 through to 2013, updating the estimate from £30 billion in 2010 to £39 billion in 2011 to £79 billion in 2012 & to £52 billion in 2013 was down from £73 billion in 2012 and up from £38 billion in 2011.
When broken down by sector, the indicator in 2013 revealed that fraud losses:
- to the public sector amounted to £20.6 billion,
- to the private sector lost £21.2 billion,
- to individuals lost £9.1 billion.
- to the not-for-profit sector lost £147 million
A private study published in 2017 & described as an Annual Fraud Indicator, estimated fraud,
- cost the public sector at least £40.3 billion (21.2%) annually (tax, health, benefit fraud etc),
- cost the private sector £140 billion (74%) annually (procurement, payroll, payment fraud etc),
- cost individuals an estimated £6.8 billion (3.6%); &
- cost charities of £2.3 billion (1.2%).
In June 2021, the House of Commons Public Accounts Committee published a report on Fraud (and error) focussed just on the public sector with fraud and error estimated to cost up to £51.8 billion (range of £29.3 billion to £51.8 billion) every year with £26.8 billion estimated to be in the main tax and benefits systems.
5. The Fraud & Scam Ecosystem:
Payment Fraud & Scams are not the largest reservoir of losses, but are the most prevelant. They target and involve numerous elements of the Fraud and Scam ecosystem (see Chart below). They target individuals and businesses, are enabled by insiders, cyber tools, identified theft and by organised crime and use money laundering techniques and virtual currency to cash out their proceeds. The use various channels including those that indirect support them, such as online platforms telcos, tech companies & social media and finance and insurance and virtual currency who are therefore directly impacted also as the channel to pay out. The Response comes from many sources both public and private, but is best carried out under a strategy that looks at different frauds and scams and across the ecosystem to build effective collaborations
6. Main Payment Fraud & Scam Types:
For the purposes of this paper, two main types of fraud are used, the first unauthorised payment fraud and the second authorised payment scams.
6.1 Main Unauthorised Payment Fraud Types:
In 2021 there was more than 2.9 million unauthorised fraudulent payment related transactions carried out in the UK generating losses of £730 million.
6.1.1 Payment Fraud Mainly Targeting Individuals: whilst payment frauds target businesses as well as individuals, business usually have much more robust protections and so whilst each of these payment frauds are relevant for businesses and individuals, more cases and losses are against individuals,
- Remote Purchase Card not Present: where criminals use stolen card details to buy goods (via internet, phone, mail order), using stolen card details, e.g., via 3rd-party data breaches & via phishing emails & text message.
- Counterfeit Card Fraud: which occurs when a criminal creates a fake card using information obtained from the magnetic stripe. Criminals commonly attach concealed or disguised devices to the card- reader slots of ATMs and unattended payment terminals, such as self-service ticket machines at railway stations, cinemas & car parks.
- Lost and or Stolen Card Fraud: this fraud occurs when a criminal uses a lost or stolen card to make a purchase or payment (whether remotely or face-to-face) or takes money out at an ATM or in a bank branch.
- Card ID Theft: where a criminal uses a fraudulently obtained card or card details, along with stolen personal information, to open or take over a card account held in someone else’s name. This type of fraud is split into two categories: third-party application fraud and account takeover fraud.
- Cheque Fraud: for example i) printing counterfeit cheques on non-bank paper to look exactly like genuine cheques, drawn by a fraudster on genuine accounts; ii) altering a genuine cheque that has been made out by the customer but has been changed by a criminal e.g. by altering the beneficiary’s name or the amount of the cheque.
- Lost and or Stolen Card Fraud: this fraud occurs when a criminal uses a lost or stolen card to make a purchase or payment (whether remotely or face-to-face) or takes money out at an ATM or in a bank branch.
- Unauthorised Remote Banking: where a criminal gains access to an individual’s bank account through one of the three remote banking channels (internet banking, telephone banking and or mobile banking) and makes an unauthorised transfer of money from the account.
6.1.2 Cyber Enabled Payment Fraud: In order to successfully carry out payment fraud, other preparatory crimes have to be committed, often including identity theft, or other forms of theft,
using deception or computer or other technology misuse, either by the criminal or more usually by others, who provide illegally harvested information to the criminal that carries out the final act of payment fraud. These fraudsters benefit from other criminals expertise, for example in hacking systems to acquire personal information including financial information and making that available, in particular on the dark web, often known as “cyber as a service”. Once acquired at a price, more information may be required, which could involve acquiring additional information, either through social engineering, and or engaging with the target directly, including intercepting mail.
6.2 Main “Authorised” Scam Types:
In 2021 there was more than 195 thousand successful (authorised through deception) scam transactions carried out in the UK generating losses of £730 million. Payment scams target individuals and businesses but the success rate is greater in terms of losses for criminals is much higher against individuals with losses split between personal (£505.8 million) and non-personal or business (£77.4 million). Most successful scams generate higher values when successful against businesses which are higher value targets with average scam losses much higher.
6.2.1 Scams Mainly Targeting Individuals:
- Impersonation scams have seen big increases and criminals have turned to mass scam texts, phone calls and emails impersonating trusted organisations such as the health services, the police, banks or the government, utility companies, e-commerce firms, delivery companies and broadband providers in a bid to defraud consumers to trick people into giving away their personal and financial details. A derivative of this is the “fake friend” or “it’s me” scam where grandparents or asked for help from kin they haven’t heard of in a long time. A UK adaptation of this is the ‘Hi mum’ scam where adults receive texts or WhatsApp messages claiming to be from their child who has lost their phone, and need financial help.
- Investment scams: Another area that criminals have been seeking to benefit is by preying on people’s financial insecurities during and following the pandemic by promoting investments promising high returns. Previously criminals typically used cold calling to target their victims, however now indications are that they are now using sophisticated techniques to commit this form of fraud, including abusing Search Engine Optimisation and creating fake comparison websites to drive customers to cloned scam websites. Customers will often be instructed to complete online forms to register their interest, before receiving a call from someone impersonating a genuine investment firm or broker. Criminals are also using social media and digital messaging services to promote bogus investment opportunities, including in forex trading and cryptocurrency – the latter fuelled by the demand for virtual currencies such as Bitcoin.
- Romance scams: The pandemic is also thought to have helped to drive up cases of romance fraud, as social distancing restrictions led to a significant increase in online dating and provided an opportunity for criminals to take advantage of this.
- Job scams: Another popular scam are job scams with many on online platforms, but to watch as probably most suspicious are ones that ask the prospective employee to pay a fee to get hired, or where potential employers ask someone to pay for training or equipment before starting, otherwise suspicious or too-good-to-be-true job offers, or job applications that ask for unnecessary information (like social security numbers or Bank details, etc).
- Malicious Payee or Payment Scams: where the victim pays for goods (e.g. cars, technology, holiday rentals and concert tickets), that are never shipped and the seller disappears usually from online platforms or social media;
- Advance Fee Scams: where a criminal convinces their victim to pay a fee which they claim would result in the release of a much larger payment or high value goods, which are also called 419 scams named after the section in Nigeria’s penal code relevant to these types of crimes.
Many of these scams have evolved as a result of the COVID pandemic, where criminals adapted and evolved their methods to take advantage of the increase in remote working and people spending more time online and being more contactable by email. A number of the techniques can be combined for example Investment and romance scams which may also involve job scams in a new scam know as pig butchering:
- Pig Butchering: this new scam – called “pig butchering” – or sha zhu pan in Chinese – refers to the process of scammers “fattening” their victims by slowly building their trust before moving in for the kill. It became widely reported around 2019 as a scam that was targeting men in China, but the criminals have since widened their net. In the UK, there is no specific data on pig-butchering but nationwide, crypto fraud is rising rapidly. In the year to December 2022, reported losses in all crypto scams rose 72% to more than £329 million, according to ActionFraud. Pig butchering is a sophisticated new twist that combines a romance scam with an investment fraud and involves a time-tested, heavily scripted, and contact intensive process to fatten up the victim before slaughter. This scam is predominately executed by a ring of cryptocurrency scammers who mine dating apps and social media sites in search of victims. It involves a con artist creating a fake profile used to reach out to potential victims often through social media, WhatsApp, Tinder or other dating sites, and even random texts, masquerading as an incorrect number or an old acquaintance. The goal is to initiate a cordial discussion with the victim, attempting to be their “new friend” or “lover”. The new friend creates reasons to continue a conversation, which leads to multiple calls. While building trust with the victim, they slowly introduce the idea of making a business investment using cryptocurrency. The victims are encouraged to invest small amounts in the beginning and the scammer will make sure to post a modest gain on the investment. They may even allow the victim to withdraw money once or twice to convince them the process is legitimate. The victim is then persuaded to invest larger amounts on the fake platform, sometimes hundreds of thousands of dollars. Once the money is sent to the fake investment app, the scammer vanishes, taking all the money with them, resulting in significant losses for the victim.
- Pig Butchering involves human trafficking: In order to carry out the scam, the criminals have lured thousands of people into “scam sweatshops” run by Chinese criminal syndicates, many of them in the Cambodian coastal city of Sihanoukville, but also elsewhere in South East Asia. Enticed by fake job ads, the workers are coerced into defrauding people around the world. If they resist, they can face beatings, food deprivation or electric shocks. In a statement in August 2022, the UN’s special rapporteur on human rights in Cambodia, Vitit Muntarbhorn, described the conditions endured by trafficking victims as a “living hell”. He wrote: “If the scammer refuses to comply with the orders, the person might be tortured or locked in various compounds surrounded by barbed wire and iron fencing to prevent escape.”
6.2.2 Scams Targeting Business:
Whilst the above are largely targeted at individuals a number of scams are focussed on businesses such as against CEOs or Business e mail compromise and malicious redirection scams.
- CEO Fraud: where the scammer manages to impersonate the CEO or other high ranking official of the victim’s organisation usually by impersonating e mail (BEC – Business E Mail Compromise) to convince the victim to make an urgent payment to the scammer’s account; and
- Malicious Redirection Scams: which often involve an invoice or mandate, where the victim attempts to pay an invoice to a legitimate payee, but the criminal intervenes to convince the victim to redirect the payment to an account they control.
In fact, nearly all frauds and scams targeted at the private individual and or businesses seek to exploit some sort of online vulnerability, whether it be investment scams promoted on search engines, fake goods listed on auction sites or romance fraudsters abusing online dating sites.
There has also been an increase in criminals recruiting people to become money mules – this is where people are paid to receive money into their account before transferring it to another account, with the funds being stolen or illegally obtained. Money mule recruiters have been posting fake adverts on jobs websites and social media to target those looking for work, particularly young people and foreign students in particular.
6.2.3 Cyber Enabled Payment Scams: In order to successfully carry out payment scams, the scammer tries to build up a relationship with the victim to make a payment based on false pretences, in order to get a fictitious product, job, service, romance or make a fictitious or risky investment. The better the scammer gets to know the victim, the personal circumstances and builds up a relationship the more likely the scam is to work, as the victim relies on the scammer, eventually make a payment once the deception has worked. Impersonation scams of people holding important social positions try to short circuit this trust building requirement, as the position held itself is used to embody already sufficient trust for the victim to be deceived. Much of the relationship building and communication occurs online or through mobile and social media channels, and rarely face to face or on video, though telephone scams have long been a staple of this genre.
7. Country Risks:
Whilst no country is immune to fraud and scams, it’s a bigger problem for rich advanced countries, with high digital penetration, high growth rates for e commerce, with payment before delivery the norm, high levels of financial inclusion, low levels of cash usage, and of course relative very high levels of wealth. It is estimated that much of the fraud is initiated from overseas locations and once a victim has been defrauded the payment & the money arrives in the criminal’s account, or in an intermediary mule account, the criminal will quickly transfer the money out to other accounts, to other jurisdictions, where it is then cashed out, which can make it difficult to trace.
There are areas in South Asia, in particular that have been identified as hotspots for locations for fraudsters and scammers including call centres in India and Bangladesh and for pig butchering in particular in Cambodia, but also Laos and Myanmar.
When it comes to cyber, it is well established that cybercrime as well as cyber attacks have been identified as coming from Iran, Russia & North Korea.
8. More Vulnerable Persons:
Criminals are able to target a large number of people through e mail and telephone and through phishing, but they can and do also target single individuals such as CEOs or senior business leaders with authority in connection with CEO scams but also evidence does exist that vulnerable people, for example the financially immature (under 25s) and the elderly (over 75s) may be more susceptible to deception.
According to IBM’s Global Financial Fraud Impact Report 2022 they reported that millennials (1981 – 1996) were most susceptible to all manner of payment fraud types, ahead of Generation X (1965 – 1980), Generation Z (1997 -2012) and last of these 4, baby boomers (1946 – 1964).
Other groups may also have increased vulnerabilities, for example, individuals with a mental health problem or dementia are three times more likely than the rest of the population to have been a victim of an online scam, through impaired decision-making, increased impulsivity and low motivation which can all make it difficult to spot scams and avoid losing money or personal information. In addition, those with mental health problems are more likely to be isolated or experiencing financial difficulties, meaning they are more likely to become a victim of an online scam. Falling victim to an online scam can also have a negative impact on mental health and finances. Becoming a victim can also be a traumatic experience, with 40% of online scam victims reporting having felt stressed and 28% having felt depressed as a result.
9. Channels, Products & Services:
With ever increasing digital devices used by consumers, the use of digital channels increase the fraud risks over traditional branch, cash and face to face channels. Of all the channels, the internet appears the most susceptible to fraudsters & scammers, followed by mobile & telephone. Faster type payments are mostly used to try to avoid interdiction and tracking as well as making payments to foreign countries, breaking up the payments and cashing out in cash.
10. Money Laundering Techniques:
Money laundering techniques used by criminals to wash illicit funds from other crimes are also used by fraudsters and scammers. Nevertheless some important particular characteristics for fraud and scams include the fact that cash usually plays much less of a role and electronic payments the focus. Moving funds quickly via faster payments in a clear trend and overseas to be cashed out quickly another one. The need for speed and distance once funds are moved from and by the victim is essential for the success of the fraud or scammer, so prevention is much more important than detection and or reporting in the case of fraud and scams than would otherwise be the case with other financial crimes.
11. Case Study: Losses, Victims, Prevention & Reimbursements – United Kingdom :
12. Fraud as a major financial crime in the UK
Fraud, in it’s many forms, affects the public and private sectors, as well as targeting directly individuals and even charities. Whilst fraud and scams in particular focussed on financial gain via payments, cards, accounts and other financial instruments (“payment fraud and scams”) represent a significant proportion of UK crime cases, the numbers of cases and the amounts generated appear to be plateauing. The amounts involved against individuals are significant but are not the largest component compared to fraud against the public sector (government programmes and activities or against the private sector (businesses).
For more details on Fraud in the UK and the Response to Fraud in the UK over 5 decades and a detailed chronology see: HERE
12.1 UK Crime Statistics:
To put fraud into a broader U.K. crime context as well as focussing in particular on payment fraud and scams the following is relevant, noting the UK adult population estimated at 57 million:
- an adult in the UK had a 16.8% or 1 in 6 chance of experiencing crime in 2021 with:
- fraud was the most likely crime against individuals in England and Wales in the year ending June 2022 with 3.8 million estimated number of actual or attempted incidents of fraud comprising 41% (year to June 2022) of all crimes against individuals compared to 30% in the year ending March 2017
- fraud crimes affected 6.6% of adults (in England & Wales’s to June 2022) representing a 1 in 15 chance, (with payment fraud and scams the most common – with a 5.8% or 1 in 17 chance of crime.
- thefts of 5.5% or a 1 in 18 chance, of which 3% or a 1 in 33 chance of being a victim of vehicle related theft
- sexual assault at 2% or 1 in 50 (including attempted offences – year to September 2022)
- illegal drug use at 3 million or 5% (1 in 20 adults) with drug use disorders estimated at 995,002 individuals or effecting 1.7% (1 in 60)
- domestic abuse effecting an estimated 2.4 million adults (4.2% or 1 in 24) (1.7 million women and 699,000 men)
- 136,000 (0.24% or 1 in 417) estimated as human trafficking victims (2018)
- 663 homicide victims at 11 per 1 million people.
12.2 UK Crime Statistics focussed on Payment Fraud & Scams:
- fraud has taken over from theft as the most common crime in the UK (though fraud usually involves the same elements as theft but is classified separately). Theft rates continue their decades long decline to 2.6 million incidents in 2022 down 20% from March 2020, and down from 5.4 million incidents in 2012 (down 52%) and from the high of 11.5 million incidents in 1995 (down 77%).
- the declines in theft rates in recent years are being compensated by the rise in fraud and scams. By adding the 3.1 million financial fraud and scam cases to the theft cases, you get to approximately the same levels of theft seen in 2006 at approx 5.7 million cases, which suggests that whilst physical crimes such as theft have seen serial year on year declines these are being replaced by new forms of theft and reported as fraud and scams carried out remotely.
- whilst fraud via payment fraud and scams has been the likely fastest growing crime over the last decade, it is no longer, with payment fraud and scam levels plateauing, being replaced in the UK based in recent government crime figures identifying sexual offences rising much at 22% over 18 months to September 2022, with an estimated annual 200,000 cases, of which approx 70,000 were rape cases.
- estimates for overall fraud vary. A widely accepted estimate of fraud loss was published by the UK’s Association of Chief Police Officers in 2006 estimating a minimum figure for the direct costs of fraud was almost £13 billion. The UK’s National Fraud Authority published 3 estimates during its 4 year existence for years 2010 through to 2013, updating the estimate from £30 billion in 2010 to £39 billion in 2011 to £79 billion in 2012 and to £52 billion in 2013 was down from £73 billion in 2012 and up from £38 billion in 2011. When broken down by sector, the indicator in 2013 revealed that fraud losses to the public sector amounted to £20.6 billion, the private sector lost £21.2 billion, the not-for-profit sector lost £147 million and individuals lost £9.1 billion.
- with fraud including payment fraud and scams now the most common type of crime they also represent a significant opportunity for organised crime, with proceeds from organised fraud and scams against businesses and the public sector in the UK in (2015/16) estimated in 2019 to be £8.9 billion with £5 billion attributable to organised tax fraud. This compares to the estimated proceeds from drug trafficking of £3.7 billion and of organised acquisitive crime (OAC) of £550 million.
- cyber crime is a major enabler of fraud; data obtained via data breaches, phishing and malware is used directly to commit fraud, or is sold online to other fraudsters. It is estimated by the UK’s National Crime Agency that the internet plays a role in at least 54% of all fraud.
- according to the Annual Fraud Indicator 2017, which was produced by private sector bodies, fraud was estimated to cost the public sector at least £40.3 billion (21.2%) annually (tax, health, benefit fraud etc) and cost the private sector £140 billion (74%) annually (procurement, payroll, payment fraud etc). Fraud committed directly against individuals was estimated to cost £6.8 billion (3.6%) with costs to charities of £2.3 billion (1.2%).
- In June 2021, the House of Commons Public Accounts Committee published a report on Fraud (and error) estimating that in the public sector fraud and error was estimated to cost up to £51.8 billion (range of £29.3 billion to £51.8 billion) every year with £26.8 billion estimated to be in the main tax and benefits systems, for example, in 2020-2021, fraud within the universal credit benefits system rose to an all-time high of 14.5%, or £5.5 billion. The UK Cabinet Office estimates the rest at between £2.5 billion to £25 billion or 0.5% – 5% of non tax and benefit fraud that is likely undetected and affects other government activities and departments. The 0.5% – 5%, “is based on academic research and fraud measurement activities in the US government, the EU and the private sector, and 24 measurement exercises undertaken since 2015 by Cabinet Office across £3.6 billion of expenditure. With approx around £503 billion of UK central government public sector expenditure each year, fraud of £51.8 billion represents about 10.3% overall.
- Based on findings published in 2021 by the House of Commons Public Accounts Committee (see above) that 10.3% of central UK government expenditure would be estimated subject to fraud or error, with central government expenditure rising to £534.8 billion for 2022/2023 10.3% would represent estimates for public sector fraud losses of £55 billion. With all UK public sector expenditure estimated at £1,182 billion for 2022/2023 10.3% would represent estimates for public sector fraud losses of £131.7 billion.
12.3 More Data on UK Payment Fraud & Scams:
- overall payment fraud & scam cases increased in 2021 by 2.3% to 3,108,463 and losses to £1.313 billion, up from 3,064,000 and £1.204 billion or by 3.9% from 2020. Half year losses for 1H 2022 of £610.1M is slightly down on 2H2022 at £614.8M, but significantly down on the 1H 2022 of £698.5M which represent the high point for overall payment fraud and scam losses since recent consistent reporting began. The high point is considered by many to be influenced by the effects in behaviour due to the Covid pandemic with many more people at home and online and most susceptible to attack from malware, phishing and other cyber activities.
- average case losses were £420 per case in 2020 and £422 per case in 2021. Recent figures show falls in 1H 2022 to £413 per case. The high point for average losses appears to be in 1H2021 at £438.
- losses in 2021 for payment fraud and scams can be broken down into fraud losses (unauthorised e.g. stolen ID, Cards Passwords etc) with £730 million of losses or a decrease of 2.5% and scam losses (authorised through deception) with £583 million of losses or an increase of 18%. 1H 2022 figures for unauthorised fraud of £361 million and for authorised fraud of £249.1 million represent an increase over the previous half year for unauthorised fraud of 7.7% but a decrease for authorised fraud of 13%.
- payment fraud and scam losses would have been much larger but for the actions of UK banks and financial institutions who were able to prevent attempted payment fraud and scams which would have resulted in additional losses of £1.4 billion or 63% of the attempted unauthorised payment frauds carried out in 2021, down from £1.6 billion or 67% in 2020. In 1H 2022, prevention rates have again fallen to £584 million.
- victims of authorised payment scams received reimbursements to £140.1 million in 1H 2022, representing a high of 56% of overall losses. This is an increase on 51% reported for 2021 (see below) and 36.5% in 2020.
- whilst UK citizens (aged 15 or over) have a 5.8% or 1 in 17 chance of falling victim to a successful financial fraud or scam, they also have a 4.6% or 1 in 22 chance where card details are stolen to buy goods or services by the criminal; a 0.6% or 1 in 167 for lost or stole or card fraud & a 0.4% or 1 in 250 chance of being a victim of authorised payment fraud through criminal deception (scams).
- Whilst the number of victims of most fraud types appeared to have plateaued with overall losses falling by 7%, from 2020 to 2021, scams still showed an increase with cases up by 35% & losses by 18%. In IH 2022 this changed with scam cases flatlining but losses falling and unauthorised fraud cases falling but losses rising again, reflecting a trend that could be seen in the 2H 2021 figures.
- The most profitable frauds in 2021 were cheque fraud with average losses at £7,852, unauthorised remote banking at £2,256 & card ID theft at £665.
- The most profitable scams are significantly more profitable than payment frauds, with the most profitable in 2021 being CEO frauds generating average losses of £27,549, followed by Investment scams at £14,220, Malicious Redirection scams at £13,094, Romance scams at £9,450 & Impersonation scams at £3,861.
- The most likely scams to successfully deceive victims in 2021 were Malicious Payee or Payment scams (51% of scams), followed by impersonation scams (28% of scams), Advance Fee scams (10% of scams) & Investment scams (6% of scams).
- the least likely in 2021 were Malicious Redirection scams (2.5% of scams), Romance scams (1.67% of scams) & CEO scams (0.2% of scams).
- cyber crime plays a significant role in payment fraud and scams, for example in 2021 for unauthorised remote banking, cyber (internet and mobile) represents approx 92% of the losses incurred. For authorised payment scams (APP) they represent 71% of value and 98% of cases.
- when carrying out scams, criminals by and large move money from the victim as soon as possible using UK “faster payments” in 97% of cases representing 83% of total losses in 2021.
- once a victim has authorised the payment & the money arrives in the criminal’s account, (via intermediary mule accounts), the criminal will quickly transfer the money out to other accounts, often abroad, where it is then cashed out, which can make it difficult to trace.
- when carrying out scams in particular, criminals target the younger and older as considered more vulnerable, for example the youngest age group of under 25s experienced the highest rate of fraud attack, followed by the oldest age group of over 75s, though millennials (1981 – 1986) also appear susceptible to attack by criminals in this regard. According to U.K. Action Fraud ages 20 – 39 experienced more cases with losses more with 50 – 69 year olds, & 90% affecting individuals and a gender balance with 51% of victims female and 49% male in 2020/21.
- the top 5 countries where fraud on UK issued cards occurs (2017-21) were Ireland, USA, Luxembourg, Netherlands & Malta. Top 5 countries where fraud occurs in the UK on foreign issued cards are: USA, France, Hong Kong, Canada & Australia.
- less than 1% of police personnel involved in conducting fraud investigations in the year ending March 2020
- the number of fraud cases that resulted in a charge or summons during the year ending March 2022 was just 4,816.
13. Reimbursement to Victims
Banks and other FI’s in the UK are required to reimburse customers for unauthorised payment fraud, except in situations where the bank or FI has reason to believe the victim should have been aware that for example payment details had been lost or stolen and had not reported it. As such a bank or FI can only refuse to refund a victim if it has evidence that the victim acted fraudulently, or with ‘gross negligence’, or ‘involving conduct exhibiting a significant degree of carelessness’. A Bank or FI cannot bank can’t say that use of a correct password or Pin proves that the victim authorised a payment, although victims have complained this continues to happen with some Banks and or FI’s. The position for authorised payment fraud or scams is more problematic as usually the victim has approved and or carried out the payment transaction, albeit due to deception. Nevertheless based on a voluntary code introduced in 2019, covering over 90% of authorised payment fraud or scams, has resulted in 182,976 cases being assesses in 2021 with a total value of £467.5 million. According to UK Finance £238.1 million of these losses were returned to victims under the voluntary code, accounting for 51% of losses in these cases. 1H 2022 figures suggest this number has increased to 56%.
A proposal by the UK Payments Regulator, (the Payment Systems Regulator) will require Banks & FI’s to reimburse within 48 hours customers scammed and tricked into sending money by deception if the amount exceeds £100 (which will not be reimbursed and is to be the responsibility of the victim. The maximum claim would be a £1 million per payment. The time limit on claims would be no less than 13 months. The PSR plans to introduce the new rules once it has expanded powers, expected sometime in the first half of 2023, and implemented no later than during 2024.
14. Investigating Fraud including Payment Fraud & Scams
Only a small proportion of frauds are subject to police investigation. Of the more than 800,000 frauds reported to Action Fraud, CIFAS & UK Finance in 2020/21 only 58,210 were disseminated for further investigation representing a 7% escalation rate. In the year ending September 2021, 7,609 prosecutions for fraud & forgery were started with a conviction rate of 84.9% (6,460). This represents approx 0.73%% of fraud cases reported during the year or 0.17% of all estimated frauds. The numbers of convictions have declined to 6,640 in 2021 compares unfavourably to 10,465 convictions in 2016, and from a high of 15,481 in 2010.
With 1.35 million people going through the UK justice system (in the Year to June 2022), fraud prosecutions represent just 0.56% of total prosecutions, despite being estimated at approx 41% of all UK crimes. Fraud convictions can carry up to 10 years in prison for the most severe cases, however where the amount is less than £5,000 the sentencing guidelines maximum tariff is a 12 month custodial sentence, but most receive a fine or community order.
Resourcing and prioritisation in the police and justice system has been identified as a significant issue for some time, for example in December 2018, the Police Foundation, reported research which revealed that, whilst the police received 277,561 reports of fraud in April 2017 to March 2018, only 8,313 (3%) led to criminal charges, falling to 1.3% if crimes reported by CIFAS and UK Finance are factored in (638,882 reports in total).This compares to 13% of reported crimes overall that result in a charge, summons or community resolution. In their report their research found that: 78% of fraud cases involved a suspect and a victim living in different police force areas, 69% of fraud cases investigated by police were cyber enabled and 43% involved first contact being made online, in 69% of forces all or most fraud investigations were carried out by non-specialist officers, even though the research found that specialist investigators handle cases more effectively, Just 0.8% of the police workforce work in specialist economic crime teams, meaning there is a lack of dedicated resource for dealing with fraud. Furthermore, 1 in 13 frauds or 7.7% of cases reported to the police were allocated an investigation in 2017-18. Fraud investigations also take longer than most other criminal investigations. Fraud cases notified to Action Fraud took on average 54 days to disseminate to police forces for investigation. The average length of time from reporting to charging for fraud offences was 514 days compared to just 50 days for theft offences. Note whilst the Police Foundation reported that there were 1,455 FTE police personnel working in economic crime in England and Wales, 667 of these were civilian staffs and economic crime covered fraud, money laundering, corruption, etc. In 2017, the total number of police officers in England and Wales was 123,143, which would mean the 788 police officers amounted to 0.6% of police officers dedicated to fraud.
Payment fraud and scams have been growing and target in particular individuals and especially the more vulnerable which can inflict both significant financial loss and distress. The UK has experienced significant growth in this type of crime with significant numbers of cases and losses incurred but also with significant success in preventing losses and compensating victims, where they were not at fault. As cases and losses rose over the last decade and were boosted because of factors involving the pandemic and the cost of living crises it has created the perfect breeding ground for fraud and scams. Lockdowns led to millions of novice users of online banking and shopping who were relatively easy prey for villains. The downturn in the economy may also lead to another rise although cases and losses appear to have plateaued.
A new UK Fraud Strategy and Action Plan is expected to be published by the UK Government shortly, which will include a focus on payment fraud and scams. It will take more than just Government to tackle fraud successfully, and the public and private sectors will need to play their parts, in a more joined up way and individuals will have to take more responsibility for protecting themselves from fraud. There is also room for others to do more, including the police, and in the private sector, telecoms and technology, VC, online platforms and social media.
For more on what kind of response is required see a future Part 2 in this series on Spotlights on Fraud coming soon.